Banks, Retailers Point Fingers Over Target Hack

Lobbying associations representing the retail and banking industries are pointing fingers over who's to blame over the breach last month that exposed the credit card numbers of as many as 110 million Target customers.

The National Retail Federation, which represents Target, sent a letter on Tuesday to members of Congress, claiming that banks have failed to upgrade to the most secure technology for processing transactions in the U.S.

"For years, banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next generation 'PIN and Chip' card technology for customers in Europe and dozens of other markets," Matthew Shaw, CEO of the National Retail Federation, wrote in the letter.

But the banking industry isn't letting that accusation slide. The Independent Community Bankers of America fired back at the retail group with a statement on Wednesday.

"The NRF should focus its attention on responding to the harm that security breaches at several retailers have done to consumers and their financial institutions rather than hurling false allegations blaming the banking industry for these retail breaches," Camden Fine, the CEO of the Independent Community Bankers of America, said.

"Retailers and their processors — not banks — are responsible for the systems in their stores that process payment cards."

Fine said he hopes the massive breaches at Target and Neiman Marcus will spur retailers to adopt better security procedures.

The Target breach was likely the work of a sophisticated ring of hackers, possibly based in Russia, according to a report released last week by the cybersecurity firm iSight, which worked with the Homeland Security Department. The hackers gained access to the credit card numbers by injecting a virus into Target's card readers, the report found.

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.